A new type of malware.

 

TrendLabs has reported the Pixsteal-A-Trojan. It's a new type of malware which targets image files to expose those infected to identity theft, blackmail and fraud.

This Trojan finds image files on your drives and transfers these images to a remote server. The affected file types are .jpg, .jpeg and .dmp (dmp's are created by computer or program crashes). While AutoCAD files have been targeted in the past by industrial espionage spyware, most Trojans concentrate on text and document files. However, users store sensitive information in image files, so they have become a target as well.

So who cares if a bunch of .jpegs are transferred? You might, if you take screenshots of receipts or are going paperless, or if you scan personal records or patient records onto your personal or office computer. Some of those might be very sensitive, like tax records, lab reports, etc.

The Pixsteal Trojan is spyware. The victim is infected via the internet by downloading contaminated software or files, or by other malware on the user’s system. Conceivably, the route of infection might even be via email. While email and steganography weren’t specifically mentioned, I see no reason they couldn’t be used to disseminate this Trojan. So beware .jpegs, etc. which appear exceptionally large. Once on the machine, the trojan seeks out images on all the drives of that computer, copies them to a central location on the C: drive, connects to the remote FTP server and transfers the files.

There might also be images (like those young folks take) which could prove quite embarrassing if they fall into the wrong hands (ask Prince Harry if you don’t believe me). Apparently, some 88% do get harvested and sold to/on parasite sites. Apparently, sifting the harvesting can be quite tedious, but is quite productive.

So… be aware. Be safe in your Internet habits, and keep your security software updated, folks.

 

Sources:

http://securitywatch.pcmag.com/none/304678-image-stealing-trojan-exposes-victims-to-id-theft-blackmail

http://blog.trendmicro.com/trendlabs-security-intelligence/malware-steals-image-files-from-systems/

http://about-threats.trendmicro.com/us/malware/TSPY_PIXSTEAL.A

33,265 views 18 replies
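
A detection sketch for the behaviour described in the post above: one process gathers .jpg, .jpeg and .dmp files from several folders into a single directory on C:, then opens an FTP connection. This is an added example, not part of the original thread or of Trend Micro's analysis; the event tuple format, the thresholds and the sample telemetry are constructed assumptions.

```python
import ntpath
from collections import defaultdict

TARGET_EXTS = {".jpg", ".jpeg", ".dmp"}  # file types named in the post
FTP_PORT = 21
MIN_FILES = 3    # assumed threshold; tune against real telemetry
MIN_SOURCES = 2  # staged files must come from at least this many folders

# Constructed sample telemetry: (seconds, pid, image, event, field1, field2)
# copy    -> field1 = source path, field2 = destination path
# connect -> field1 = remote address, field2 = remote port
EVENTS = [
    (10, 4120, "updater.exe", "copy", r"D:\Scans\tax_2011.jpg", r"C:\stage\tax_2011.jpg"),
    (11, 4120, "updater.exe", "copy", r"E:\Photos\id_card.jpeg", r"C:\stage\id_card.jpeg"),
    (12, 4120, "updater.exe", "copy", r"C:\Windows\Minidump\a.dmp", r"C:\stage\a.dmp"),
    (15, 4120, "updater.exe", "connect", "203.0.113.7", "21"),
    (20, 5000, "photoapp.exe", "copy", r"D:\Cam\1.jpg", r"C:\Users\a\Pictures\1.jpg"),
    (21, 5000, "photoapp.exe", "copy", r"D:\Cam\2.jpg", r"C:\Users\a\Pictures\2.jpg"),
    (22, 5000, "photoapp.exe", "copy", r"D:\Cam\3.jpg", r"C:\Users\a\Pictures\3.jpg"),
    (30, 6100, "ftpclient.exe", "connect", "198.51.100.9", "21"),
]

def find_stage_then_ftp(events, window=300):
    """Return alerts for processes that gather target files from several
    folders into one C: directory and then open an FTP control connection."""
    staged = defaultdict(lambda: defaultdict(list))  # pid -> dest dir -> [(t, src dir)]
    alerts = []
    for t, pid, image, kind, a, b in sorted(events):
        if kind == "copy":
            ext = ntpath.splitext(a)[1].lower()
            dest_dir = ntpath.dirname(b).lower()
            if ext in TARGET_EXTS and dest_dir.startswith("c:\\"):
                staged[pid][dest_dir].append((t, ntpath.dirname(a).lower()))
        elif kind == "connect" and int(b) == FTP_PORT:
            for dest_dir, items in staged[pid].items():
                # Only copies made shortly before the connection count.
                recent = [src for ts, src in items if t - ts <= window]
                if len(recent) >= MIN_FILES and len(set(recent)) >= MIN_SOURCES:
                    alerts.append({"pid": pid, "image": image, "stage_dir": dest_dir,
                                   "files": len(recent), "ftp_server": a})
    return alerts

if __name__ == "__main__":
    for alert in find_stage_then_ftp(EVENTS):
        print(alert)
```

The photo importer and the plain FTP client in the sample data are not flagged: the first copies from a single folder and never connects, the second connects without staging anything.
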
Reply #1 Top

Thanks DOC... There is also a security flaw currently in Windows 8; I doubt it has been fixed yet. The French company Vupen found it and is selling it.
I don't know if it has been sold already, but I think it won't take long.

Reply #3 Top

Damn if they use that on my PC... Gonna have to go through A LOT of kinky ass porn...

Reply #4 Top

Thanks for the heads up.

Reply #5 Top

Man I wish they would catch everyone who creates this type of crap and give them ALL lobotomies! :annoyed:

Reply #6 Top

Quoting LightStar, reply 5
Man I wish they would catch everyone who creates this type of crap and give them ALL lobotomies!
End of LightStar's quote

With a tattoo on their foreheads that says..."DUH!"

Reply #7 Top

Quoting Uvah, reply 6
Quoting LightStar, reply 5
Man I wish they would catch everyone who creates this type of crap and give them ALL lobotomies!

With a tattoo on their foreheads that says...Simpson wannabe. lol

Reply #8 Top

I feel obligated to point out the bottom section regarding cell phones in the 1st link of the OP:

http://securitywatch.pcmag.com/none/304678-image-stealing-trojan-exposes-victims-to-id-theft-blackmail

That's enough to trigger any paranoia issues a person might have lurking about.  Might want to keep that cell phone in a case.

Reply #9 Top

Quoting DaveRI, reply 9
I feel obligated to point out the bottom section regarding cell phones in the 1st link of the OP:

http://securitywatch.pcmag.com/none/304678-image-stealing-trojan-exposes-victims-to-id-theft-blackmail

That's enough to trigger any paranoia issues a person might have lurking about.  Might want to keep that cell phone in a case.
End of DaveRI's quote
The army in my country (if you serve in any type of sensitive area, no matter how unsensitive it is) makes soldiers either leave their phones outside or break their camera.

Reply #10 Top

I have probably 20gb of images because I do a lot of graphic design. 99% of them are PNGs. haha. :D

This is really clever though. 

Reply #11 Top

I'd bet there are variants (or will be shortly) which harvest .png files.

Remember, the 'type' of image as well as the info included in the image (and the metadata) are what make the victim so vulnerable.

Reply #12 Top

Quoting DrJBHL, reply 12
I'd bet there are variants (or will be shortly) which harvest .png files.

Remember, the 'type' of image as well as the info included in the image (and the metadata) are what make the victim so vulnerable.
End of DrJBHL's quote

 

Still doesn't bother me. I don't keep any personal data on this laptop and I don't screenshot anything that is going to have sensitive information. I'll usually just write it down. 

Reply #13 Top

OMG! I hope my 1.35Tb of pr0n doesn't go missing!

Reply #14 Top

:rofl:  Backups being made all over the World ATM

Reply #15 Top

Quoting Fuzzy, reply 13
OMG! I hope my 1.35Tb of pr0n doesn't go missing!
End of Fuzzy's quote

Shit, is that all?  You had 1.25Tb of pr0n last time something like this came up. 

That was 3 years ago... meaning, you should have at least 3.75Tb of pr0n by now. :w00t:

Reply #16 Top

Quoting starkers, reply 15
3.75Tb of pr0n
End of starkers's quote
!?!?!?!

W0W! :P

Reply #17 Top

Quoting starkers, reply 15
Shit, is that all? You had 1.25Tb of pr0n last time something like this came up.
End of starkers's quote

I got rid of all the ladyboy stuff ;p

Reply #18 Top

This gives new meaning to the term "dirty pictures" o_O :omg: